improve search for local-network

[pve-firewall.git] / src / PVE / Firewall.pm

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index cf965645955fec3eb4a81856dc3c957f44093c15..ef74ca2fae597a882ea30e778c49cee8cfc5ff77 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -911,13 +911,17 @@ sub local_network {
            my $mask;
            if ($isv6) {
                $mask = $entry->{prefix};
+               next if !$mask; # skip the default route...
            } else {
                $mask = $PVE::Network::ipv4_mask_hash_localnet->{$entry->{mask}};
                next if !defined($mask);
            }
            my $cidr = "$entry->{dest}/$mask";
            my $testnet = Net::IP->new($cidr);
-           if ($testnet->overlaps($testip) == $Net::IP::IP_B_IN_A_OVERLAP) {
+           my $overlap = $testnet->overlaps($testip);
+           if ($overlap == $Net::IP::IP_B_IN_A_OVERLAP ||
+               $overlap == $Net::IP::IP_IDENTICAL)
+           {
                $__local_network = $cidr;
                return;
            }